{"id":"MGASA-2020-0058","summary":"Updated samba packages fix security vulnerabilities","details":"The implementation of ACL inheritance in the Samba AD DC was not\ncomplete, and so absent a 'full-sync' replication, ACLs could get out of\nsync between domain controllers (CVE-2019-14902).\n\nWhen processing untrusted string input Samba can read past the end of\nthe allocated buffer when printing a \"Conversion error\" message to the\nlogs. This can cause a crash after the failed character conversion when\noperating at log level 3 or above (CVE-2019-14907).\n\nDuring DNS zone scavenging (of expired dynamic entries) in a Samba AD\nDC, there is a read of memory after it has been freed (CVE-2019-19344).\n\nNote that manual intervention is required to fully implement the fix\nfor CVE-2019-14902.  See the upstream advisory for details.\n","modified":"2026-04-16T04:43:10.045056463Z","published":"2020-01-28T07:52:40Z","upstream":["CVE-2019-14902","CVE-2019-14907","CVE-2019-19344"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0058.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26113"},{"type":"WEB","url":"https://usn.ubuntu.com/4244-1/"},{"type":"ADVISORY","url":"https://www.samba.org/samba/security/CVE-2019-14902.html"},{"type":"ADVISORY","url":"https://www.samba.org/samba/security/CVE-2019-14907.html"},{"type":"ADVISORY","url":"https://www.samba.org/samba/security/CVE-2019-19344.html"},{"type":"WEB","url":"https://www.samba.org/samba/history/samba-4.10.12.html"}],"affected":[{"package":{"name":"samba","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/samba?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.10.12-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0058.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}